Session Upgrade

The Authentication Service enables for the upgrade of a valid session
token based on a second, successful authentication performed by the same user
to one realm. If a user with a valid session token attempts to authenticate
to a resource secured by his current realm, and this second authentication
request is successful, Authentication Service updates the session with the
new properties based on the new authentication. If the authentication fails,
the current user session is returned without an upgrade. If the user with
a valid session attempts to authenticate to a resource secured by a different
realm, the user will receive a message asking whether the user would like
to authenticate to the new realm. The user can choose to maintain the current
session, or can attempt to authenticate to the new realm. Successful authentication
will result in the old session being destroyed and a new one being created.